CVE-2019-11321

Published: Apr 18, 2019Modified: Nov 21, 2024

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An issue was discovered in Motorola CX2 1.01 and M2 1.01. The router opens TCP port 8010. Users can send hnap requests to this port without authentication to obtain information such as the MAC addresses of connected client devices.

Affected (2)

Products: Motorola: Cx2 Firmware, M2 Firmware

Motorola

2 products

Cx2 Firmware

M2 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Motorola Cx2 Firmware	Version 1.01

Running on/with	Platform Versions
Motorola Cx2	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Motorola M2 Firmware	Version 1.01

Running on/with	Platform Versions
Motorola M2	All versions

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://github.com/TeamSeri0us/pocs/blob/master/iot/motorola.pdf

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/TeamSeri0us/pocs/blob/master/iot/motorola.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.